a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The contents of this file are subject to the terms
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * of the Common Development and Distribution License
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * (the License). You may not use this file except in
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * compliance with the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * You can obtain a copy of the License at
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * See the License for the specific language governing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * permission and limitations under the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * When distributing Covered Code, include this CDDL
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Header Notice in each file and include the License file
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * If applicable, add the following below the CDDL Header,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * with the fields enclosed by brackets [] replaced by
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * your own identifying information:
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * $Id: SecureAttrs.java,v 1.12 2009/03/31 17:18:10 exu Exp $
ccf9d4a5c6453fa9f8b839baeee25147865fbb7dJames Phillpotts * Portions Copyrighted 2016 ForgeRock AS.
ccf9d4a5c6453fa9f8b839baeee25147865fbb7dJames Phillpottsimport static org.forgerock.openam.utils.Time.*;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>SecureAttrs</code> class forms the core api of "Secure Attributes
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Exchange" (SAE) feature. The class uses off the shelf digital
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * signing and encryption algorithms to generate tamperproof/nonrepudiable
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * strings representing attribute maps and to verify these strings.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Typical SAE usage is to securely send attributes (authentication &
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * user profile data) from an asserting application (eg running on an IDP) to
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * a relying application (eg running on an SP). In this scenario the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * asserting party uses the "signing" interfaces to generate secure
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * data and the relying application uses "verification" interfaces
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * to ascertain the authenticity of the data.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Current implementation provides two mechanisms to secure attributes :
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Symmetric : uses simple shared secrets between the two ends; either end can produce a valid token, so this mode gives integrity but not non-repudiation.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Asymmetric : uses PKI based signing using public-private keys.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Freshness is provided by a varying seed generated from the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * current timestamp and a configurable expiry period within which
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * the relying party must validate the token.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * HTTP parameter name used to send and receive secure attribute data.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * IDP : sends secure attrs in this parameter.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * SP : receives secure attrs in this parameter.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static final String SAE_PARAM_DATA = "sun.data";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * SAE Parameter representing a command.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Currently only "logout" needs to be explicitly provided. SSO is implied.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * IDP : Uses this parameter to instruct FM to issue a global logout.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * SP : Receives this parameter from FM.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static final String SAE_PARAM_CMD = "sun.cmd";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * SAE Parameter representing the authenticated user.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * IDP : Uses this parameter to send authenticated userid to FM.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * SP : Receives userid in this parameter.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static final String SAE_PARAM_USERID = "sun.userid";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * SAE Parameter representing the session's authentication level.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * IDP : Uses this parameter to send authentication level to FM.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * SP : Receives authentication level in this parameter.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static final String SAE_PARAM_AUTHLEVEL = "sun.authlevel";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * SAE Parameter used to pass IDP entity ID to SP app.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * IDP: Not Applicable
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * SP: populates this parameter to identify IDP used in SSO.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static final String SAE_PARAM_IDPENTITYID = "sun.idpentityid";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * SAE Parameter used to pass SP entity ID to SP app.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * IDP: Not Applicable
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * SP: populates this parameter to identify SP used in SSO.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static final String SAE_PARAM_SPENTITYID = "sun.spentityid";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * SAE Parameter representing the requested SP app to be invoked.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * IDP : populates this parameter with SP side app to be invoked.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * SP : Not Applicable.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static final String SAE_PARAM_SPAPPURL = "sun.spappurl";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * SAE Parameter used to identify the IDP app (Asserting party)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * IDP : populates this parameter to identify itself.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * SP : Not Applicable.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static final String SAE_PARAM_IDPAPPURL = "sun.idpappurl";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * SAE Parameter : Deprecated.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static final String SAE_PARAM_APPID = "sun.appid";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * SAE Parameter internally used by FM for storing token timestamp.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static final String SAE_PARAM_TS = "sun.ts";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * SAE Parameter internally used by FM for storing signature data.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static final String SAE_PARAM_SIGN = "sun.sign";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * SAE Parameter used to communicate errors.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static final String SAE_PARAM_ERROR = "sun.error";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * SAE Parameter used to communicate to SP to return to specified url
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * upon Logout completion.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * IDP : Not applicable
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * SP : expected to redirect to the value upon processing logout req.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static final String SAE_PARAM_APPSLORETURNURL = "sun.returnurl";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * SAE Parameter used to communicate to FM where to redirect after a
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * global logout is completed.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * IDP : sends this param as part of logout command.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static final String SAE_PARAM_APPRETURN = "sun.appreturn";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * SAE command <code>SAE_PARAM_CMD</code>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static final String SAE_CMD_LOGOUT = "logout";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Crypto types supported.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static final String SAE_CRYPTO_TYPE = "type";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Crypto type : Asymmetric : PKI based trust.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static final String SAE_CRYPTO_TYPE_ASYM = "asymmetric";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Crypto type : Symmetric : shared secret based trust between parties.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static final String SAE_CRYPTO_TYPE_SYM = "symmetric";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * SAE Config : class name implementing <code>Certs</code>.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * If not specified, a JKS keystore default impl is used.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static final String SAE_CONFIG_CERT_CLASS = "certclassimpl";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * SAE Config : Location of the keystore to access keys from for
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * asymmetric crypto.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static final String SAE_CONFIG_KEYSTORE_FILE = "keystorefile";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * SAE Config : keystore type. Default : JKS
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static final String SAE_CONFIG_KEYSTORE_TYPE = "keystoretype";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * SAE Config : Password to open the keystore.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static final String SAE_CONFIG_KEYSTORE_PASS = "keystorepass";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * SAE Config : Private key alias for asymmetric signing. Alias
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * is used to retrieve the key from the keystore.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static final String SAE_CONFIG_PRIVATE_KEY_ALIAS = "privatekeyalias";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * SAE Config : Public key alias for asymmetric signature verification. Alias
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * is used to retrieve the key from the keystore.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static final String SAE_CONFIG_PUBLIC_KEY_ALIAS = "pubkeyalias";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * SAE Config : Private key for asymmetric signing.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static final String SAE_CONFIG_PRIVATE_KEY = "privatekey";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * SAE Config : Password to access the private key.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static final String SAE_CONFIG_PRIVATE_KEY_PASS = "privatekeypass";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * SAE Config : Flag to indicate whether keys should be cached in memory
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * once retrieved from the keystore.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static final String SAE_CONFIG_CACHE_KEYS = "cachekeys";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * SAE Config : shared secret constant - used internally in FM.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static final String SAE_CONFIG_SHARED_SECRET = "secret";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * SAE Config : data encryption algorithm.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static final String SAE_CONFIG_DATA_ENCRYPTION_ALG =
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "encryptionalgorithm";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * SAE Config : data encryption key strength.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static final String SAE_CONFIG_ENCRYPTION_KEY_STRENGTH =
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "encryptionkeystrength";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * SAE Config : Signature validity : since timestamp on signature.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static final String SAE_CONFIG_SIG_VALIDITY_DURATION =
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "saesigvalidityduration";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Debug : true | false
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static HashMap instances = new HashMap();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns an instance to perform crypto operations.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param name
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return <code>SecureAttrs</code> instance.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static synchronized SecureAttrs getInstance(String name)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Initializes a SecureAttrs instance specified by <code>name</code>.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * If the instance already exists, it replaces it with the new instance.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Use <code>SecureAttrs.getInstance(name)</code> to obtain the instance.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param name Name of the <code>SecureAttrs</code> instance.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param type Cryptographic key type. Possible values are
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>SecureAttrs.SAE_CRYPTO_TYPE_SYM</code>, and
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>SecureAttrs.SAE_CRYPTO_TYPE_ASYM</code>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param properties : please see SAE_CONFIG_* constants for configurable values.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws Exception rethrows underlying exception.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String name, String type, Properties properties) throws Exception
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SecureAttrs sa = new SecureAttrs(type, properties);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Creates two instances of <code>SecureAttrs</code> named
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * "symmetric" and "asymmetric" representing the two supported
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * crypto types.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param properties : please see SAE_CONFIG_* constants for configurable values.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws Exception rethrows underlying exception.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @deprecated For backward compatibility with older releases of this api.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Replaced by {@link #init(String,String,Properties)}
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster synchronized public static void init(Properties properties) throws Exception
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster init(SAE_CRYPTO_TYPE_ASYM, SAE_CRYPTO_TYPE_ASYM, properties);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster init(SAE_CRYPTO_TYPE_SYM, SAE_CRYPTO_TYPE_SYM, properties);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns a Base64 encoded string comprising a signed set of attributes.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param attrs Attribute Value pairs to be processed.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param secret Shared secret (symmetric) Private key alias (asymmetric)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return Base64 encoded token String to be passed to a relying party.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public String getEncodedString(Map attrs, String secret) throws Exception
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String signedAttrs = signAttributes(attrs, secret);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return Base64.encode(signedAttrs.getBytes("UTF-8"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns an encrypted string for the given attributes. The attributes are
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * signed using the shared secret, and the signed data is then encrypted with
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * the supplied encryption secret; the result is a Base64 encoded string.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param attrs Attribute Value pairs to be processed.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param secret Shared secret (symmetric) Private key alias (asymmetric)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param encSecret The encryption secret (symmetric) or Public
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Key alias (asymmetric)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return Base64 encoded token String to be passed to a relying party.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public String getEncodedString(Map attrs, String secret, String encSecret)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String signedString = signAttributes(attrs, secret);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Key encKey = getPublicKey(encSecret).getPublicKey();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster encryptedString = DataEncryptor.encryptWithAsymmetricKey(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster encryptedString = DataEncryptor.encryptWithSymmetricKey(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster System.out.println("SAE.getEncodedString: encrypted string" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private String signAttributes(Map attrs, String secret) throws Exception {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster sb.append(key).append("=").append(value).append("|");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster sb.append("Signature=").append(getSignedString(attrs, secret));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Verifies a Base64 encoded string for authenticity based on the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * shared secret supplied.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param str Base64 encoded string containing attribute
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param secret Shared secret (symmetric) or Public Key (asymmetric)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return Decoded, verified and parsed attribute name-value pairs.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public Map verifyEncodedString(String str, String secret) throws Exception
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Map map = getRawAttributesFromEncodedData(str);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster System.out.println("SAE:verifyEncodedString() : "+map);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String signatureValue = (String) map.remove("Signature");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if(!verifyAttrs(map, signatureValue, secret)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Verifies the encrypted data string using encryption secret and
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * shared secret that was used for signing.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param str Base64 encoded string containing attribute
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param secret Shared secret (symmetric) or Public Key (asymmetric)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param encSecret The encryption secret (symmetric) or Public
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Key alias (asymmetric)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return Decoded, verified and parsed attribute name-value pairs.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public Map verifyEncodedString(String str, String secret, String encSecret)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster decryptStr = DataEncryptor.decryptWithAsymmetricKey(str,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster decryptStr = DataEncryptor.decryptWithSymmetricKey(str,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster System.out.println("SAE:verifyEncodedString() : "+
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return verifyEncodedString(decryptStr, secret);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private boolean isEncrypted(String str) throws Exception {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return true;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns a decoded <code>Map</code> of attribute-value pairs.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * No verification is performed: treat the returned values as untrusted until they pass <code>verifyEncodedString</code>.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Useful when retrieving data before verifying contents for authenticity.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param str Base64 encoded string containing attribute
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return Decoded and parsed attribute name-value pairs.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public Map getRawAttributesFromEncodedData(String str) throws Exception
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster StringTokenizer tokenizer = new StringTokenizer(decoded, "|");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String value = st.substring(index+1, st.length());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns a decoded <code>Map</code> of attribute-value pairs.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * No verification is performed: treat the returned values as untrusted until they pass <code>verifyEncodedString</code>.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Useful when retrieving data before verifying contents for authenticity.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param str Base64 encoded string containing attribute
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param encSecret The encryption secret (symmetric) or Public
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Key alias (asymmetric)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return Decoded and parsed attribute name-value pairs.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public Map getRawAttributesFromEncodedData(String str, String encSecret)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster decryptStr = DataEncryptor.decryptWithAsymmetricKey(str,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster decryptStr = DataEncryptor.decryptWithSymmetricKey(str,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster System.out.println("SAE.getRawAttributes() decrypted" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return getRawAttributesFromEncodedData(decryptStr);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * This interface allows setting the private key to be used for signing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * as an alternative to passing down <code>SAE_CONFIG_PRIVATE_KEY_ALIAS</code>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * via <code>init</code>. Use this interface if you do not want
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * SecureAttrs to obtain the signing key from a configured keystore.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * To use this key during signing, specify secret as null.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param privatekey
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public void setPrivateKey(PrivateKey privatekey)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * This interface allows to register a public key to be used for signature
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * verification. Use this interface if you do not want SecureAttrs to
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * obtain public keys from a configured keystore.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param pubkeyalias
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param x509certificate instance.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String pubkeyalias, X509Certificate x509certificate)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster certs.addPublicKey(pubkeyalias, x509certificate);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private X509Certificate getPublicKey(String alias)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns a String representing data in the attrs argument.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The String generated can be one of the following depending
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * on configuration :
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * SHA1 digest based on a shared secret and current timestamp.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Digital signature based on a configured certificate key.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Both forms rely on SHA-1 (the asymmetric case uses SHA1withRSA or SHA1withDSA),
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * which is no longer recommended for signature use.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param attrs List of attribute Value pairs to be processed.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param secret Shared secret (symmetric) or Private Key (asymmetric)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return token String to be passed to a relying party.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public String getSignedString(Map attrs, String secret) throws Exception
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Normalize
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Setup a fresh timestamp
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster signature = signAsym(str.append(timestamp).toString(), pKey);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Create seed : TIMESTAMP + shared secret
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Verifies the authenticity of the data in the attrs argument based
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * on the token presented. Both attrs and token are sent by
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * an asserting party.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param attrs List of attribute Value pairs to be processed.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param token token representing attrs provided by asserting party.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param secret Shared secret (symmetric) or Public Key (asymmetric)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return true if attrs and token verify okay, else returns false.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public boolean verifyAttrs(Map attrs, String token, String secret)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Normalize
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Retrieve timestamp
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Check timestamp validity
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String signature = token.substring(idx + 2, token.length());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Create seed : TIMESTAMP + shared secret
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String newstr ="TS"+ts+ "TS"+encrypt(str+seed, seed);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return true;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
// Private constructor (fragment): reads the instance configuration from the
// supplied Properties. Lines between the visible ones are not shown.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private SecureAttrs(String type, Properties properties) throws Exception
// Signature validity duration, read as a String; its parsing is not visible here.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String dur = properties.getProperty(SAE_CONFIG_SIG_VALIDITY_DURATION);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String clzName = properties.getProperty(SAE_CONFIG_CERT_CLASS);
// NOTE(review): the class named in the configuration is loaded and instantiated
// reflectively, and the cast to Certs is applied only after its no-arg constructor
// has run. The properties source therefore has to be trusted; checking the name
// against an allowlist, or Class.asSubclass(Certs.class), before instantiating
// would narrow this.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster certs = (Certs) Class.forName(clzName).newInstance();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //"com.sun.identity.sae.api.FMCerts").newInstance();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster dataEncAlg = (String)properties.get(SAE_CONFIG_DATA_ENCRYPTION_ALG);
// tmp is assigned on a line not shown; new Integer(String) throws
// NumberFormatException when the value is not numeric.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster encKeyStrength = (new Integer(tmp)).intValue();
// Fragment of the helper that canonicalises the attribute map before it is
// digested or signed; the method header is not visible on this page.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Sort the Map
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Flatten to a single String
// Each entry is emitted as key=value followed by "|".
// NOTE(review): this line does not escape "=" or "|" inside keys or values, so
// unless they are escaped or rejected elsewhere, different maps can flatten to the
// same string and would then carry the same token. Confirm against the caller.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster str.append(key).append("=").append(smap.get(key)).append("|");
// Fragment of encrypt(): despite the name, the visible steps compute a message
// digest of the plaintext, not a reversible encryption. The signature continues
// on a line that is not shown.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private synchronized String encrypt(String plaintext,
// NOTE(review): in the JDK providers the algorithm name "SHA" resolves to SHA-1.
// verifyAttrs on this page passes str+seed as the plaintext, so the token is a
// plain digest over data concatenated with the secret rather than an HMAC;
// javax.crypto.Mac with "HmacSHA256" is the standard keyed construction. Changing
// it alters the token format, so both parties have to move together.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster md = MessageDigest.getInstance("SHA"); //step 2
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster md.update((plaintext).getBytes("UTF-8")); //step 3
// Fragment of signAsym(): signs the string s with the supplied private key.
// Only some lines are shown; try/catch structure and return statements are not.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private String signAsym(String s, PrivateKey privatekey)
// Guard: taken for a null or empty input string as well as for a null key,
// although the message below mentions only the key.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if(s == null || s.length() == 0 || privatekey == null) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster System.out.println("SAE : signAsym: returning since priv key null");
// NOTE(review): both algorithms requested here hash with SHA-1, which is no longer
// recommended for signatures; "SHA256withRSA" is the usual replacement, and the
// verifying side has to change in step.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster signature = Signature.getInstance("SHA1withRSA");
// XML-DSig algorithm URI for RSA-SHA1; how s2 is used is not visible here.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String s2 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
// Failures are written to standard output rather than to a logger.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster System.out.println("SAE:asym sign : RSA failed ="+exception);
// DSA appears to be the alternative when RSA is not used; the branching is not shown.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster signature = Signature.getInstance("SHA1withDSA");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String s3 = "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster System.out.println("SAE:asym sign : DSA failed ="+exception1);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster System.out.println("SAE:asym sign : No Algorithm");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster System.out.println("SAE:asym sign : sig.initSign failed"+exception2);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster System.out.println("SAE:asym sign : sig.update failed"+exception3);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster System.out.println("SAE:asym sign : sig.sign failed"+exception4);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster System.out.println("SAE:asym sign : sigBytes null");
// Fragment of verifyAsym(): checks a signature using the public key of the
// supplied X.509 certificate. Every failure path visible here returns false.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private boolean verifyAsym(String s, String s1, X509Certificate x509certificate)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if(s == null || s.length() == 0 || x509certificate == null || s1 == null)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster System.out.println("SAE:asym verify: qstring or cert or signature is null");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
// NOTE(review): this line is not inside any visible debug guard and writes s1 to
// standard output. abyte0 is concatenated as an object, so if it is a byte[] the
// output is the array's default toString, not the signature bytes.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster System.out.println("SAE:verifyAsym:signature="+abyte0+" origstr="+s1);
// The key algorithm reported by the certificate selects the Signature instance;
// the comparison on s2 itself is not shown.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String s2 = x509certificate.getPublicKey().getAlgorithm();
// NOTE(review): both variants hash with SHA-1, matching signAsym; moving to
// SHA-256 needs the signing side changed at the same time.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster signature = Signature.getInstance("SHA1withDSA");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster System.out.println("SAE:asym verify : DSA instance"+exception);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster signature = Signature.getInstance("SHA1withRSA");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster System.out.println("SAE:asym verify : RSA instance"+exception1);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster System.out.println("SAE:asym verify : no instance");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster System.out.println("SAE:asym verify :sig.initVerify"+exception2);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster System.out.println("SAE:asym verify :sig.update:"+exception3+" sig="+abyte0);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
// Result defaults to false; the assignment from the verify call is not visible.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster boolean flag = false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster System.out.println("SAE:asym verify :sig.verify:"+exception4+"sig="+abyte0);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
// Self-test driver (fragment; its enclosing method header is not visible). The
// values below are fixtures for the tests that follow.
// NOTE(review): keystore and key passwords are hard-coded literals, and the
// data-encryption setting is DES with a 56-bit key, which is an obsolete strength.
// Keep these confined to the self-test; do not reuse them as deployment settings.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster properties.setProperty("keystorefile", "mykeystore");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster properties.setProperty("keystorepass", "22222222");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster properties.setProperty("privatekeyalias", "test");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster properties.setProperty("publickeyalias", "test");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster properties.setProperty("privatekeypass", "22222222");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster properties.setProperty("encryptionkeystrength", "56");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster properties.setProperty("encryptionalgorithm", "DES");
// Registers one symmetric and one asymmetric instance; the remaining arguments
// are on lines not shown.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SecureAttrs.init("testsym", SecureAttrs.SAE_CRYPTO_TYPE_SYM,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SecureAttrs.init("testasym", SecureAttrs.SAE_CRYPTO_TYPE_ASYM,
// TEST 1: verify a pre-encoded sample with the shared secret "secret".
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster System.out.println("TEST 1 START test encoded str ===========");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SecureAttrs secureattrs = SecureAttrs.getInstance("testsym");
// The sample is Base64 for "branch=005|mail=user5@mail.com|sun.userid=user5|Signature=TS1174278659366TS...".
// NOTE(review): the embedded timestamp is fixed; if it is epoch milliseconds it is
// from 2007, so presumably this sample is rejected whenever the validity window is
// enforced - confirm what outcome TEST 1 expects.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String s = "YnJhbmNoPTAwNXxtYWlsPXVzZXI1QG1haWwuY29tfHN1bi51c2VyaWQ9dXNlcjV8U2lnbmF0dXJlPVRTMTE3NDI3ODY1OTM2NlRTbzI2MkhoL3R1dDRJc0U1V3ZqWjVSLzZkM0FzPQ==";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Map map = secureattrs.verifyEncodedString(s, "secret");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster System.out.println("TEST 1 END ================");
// TEST 2: round trip - encode hashmap with secret s1, then verify with the same s1.
// hashmap and s1 are set up on lines not shown.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster System.out.println("TEST 2 START : encode followed by decode ===");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster System.out.println(" TEST 2a START : SYM KEY ===");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster secureattrs = SecureAttrs.getInstance("testsym");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String s2 = secureattrs.getEncodedString(hashmap, s1);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Map map1 = secureattrs.verifyEncodedString(s2, s1);
// The switch to the "testasym" instance is presumably on a line not shown.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster System.out.println(" TEST 2b START : ASYM KEY ===");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String s3 = secureattrs.getEncodedString(hashmap, s1);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster map1 = secureattrs.verifyEncodedString(s3, s1);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster System.out.println("TEST 2 END ====================");
// TEST 3: negative case - verification with the wrong secret "junk". The visible
// lines do not show an assertion on the result; confirm the test checks that
// verification fails rather than only printing the map.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster System.out.println("TEST 3 START : decode with incorrect secret");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster System.out.println(" TEST 3a START : SYM KEY ===");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster map1 = secureattrs.verifyEncodedString(s2, "junk");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster System.out.println(" TEST 3b START : ASYM KEY ===");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster map1 = secureattrs.verifyEncodedString(s3, "junk");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster System.out.println("TEST 3 END ====================");
// TEST 4: positive case - the same encoded strings verified with the correct secret.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster System.out.println("TEST 4 START : decode with correct secret");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster System.out.println(" TEST 4a START : SYM KEY ===");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster map1 = secureattrs.verifyEncodedString(s2, s1);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster System.out.println(" TEST 4b START : ASYM KEY ===");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster map1 = secureattrs.verifyEncodedString(s3, s1);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster System.out.println("TEST 4 END ====================");
// TEST 5: the three-argument overloads, with s1 passed for both secret arguments;
// the meaning of the third argument is not visible here (presumably the
// data-encryption secret - confirm).
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster System.out.println(" TEST 5a START : ASYM KEY ===");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster s3 = secureattrs.getEncodedString(hashmap, s1, s1);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster map1 = secureattrs.verifyEncodedString(s3, s1, s1);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster System.out.println(" TEST 5b START : SYM KEY ===");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster secureattrs = SecureAttrs.getInstance("testsym");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster s2 = secureattrs.getEncodedString(hashmap, s1, s1);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster map1 = secureattrs.verifyEncodedString(s2, s1, s1);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster System.out.println("TEST 5 END ====================");
// Method declarations of the key/certificate provider type; its header line is
// not visible here (presumably the Certs type the SecureAttrs constructor
// instantiates - confirm).
// Initialises the provider from configuration properties.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public void init(Properties props) throws Exception;
// Returns an X509Certificate for the given alias (a certificate, not a bare PublicKey).
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public X509Certificate getPublicKey(String alias);
// Supplies the private key to the provider.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public void setPrivatekey(PrivateKey privatekey);
// Continuation of a declaration whose first line is not shown.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String pubkeyalias, X509Certificate x509certificate);
// Fragment of the provider's init(): reads the keystore location and passwords
// from the supplied properties. The keystore loading itself is not shown.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public void init(Properties properties) throws Exception
// The keystore path is read with the literal key "keystorefile".
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String keyfile = properties.getProperty("keystorefile");
// NOTE(review): no close() of this stream is visible; confirm it is closed on all
// paths (try-with-resources or finally). A missing property gives a null keyfile,
// which the FileInputStream constructor rejects with NullPointerException.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FileInputStream fileinputstream = new FileInputStream(keyfile);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String kpass = properties.getProperty(SAE_CONFIG_KEYSTORE_PASS);
// pkpass is assigned without a local declaration, so it is presumably a field: the
// private-key password would then stay in memory as a String for the lifetime of
// the object - confirm.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster pkpass = properties.getProperty(SAE_CONFIG_PRIVATE_KEY_PASS);
// Fragment of getPublicKey(): looks the certificate up in the keystore by alias.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public X509Certificate getPublicKey(String alias)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster x509certificate = getPublicKeyFromKeystore(alias);
// The exception is printed to standard output; what is returned afterwards is not
// visible here (presumably null - confirm that callers treat a missing certificate
// as a verification failure).
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster System.out.println("SAE:getPublicKey:Exc:"+exception);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public void setPrivatekey(PrivateKey privatekey)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String pubkeyalias, X509Certificate x509certificate)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private X509Certificate getPublicKeyFromKeystore(String pubkeyalias)